1
00:00:00,110 --> 00:00:02,270
So now let's talk about Trusted Advisor.

2
00:00:02,270 --> 00:00:03,400
So when you have an account,

3
00:00:03,400 --> 00:00:05,800
you want to get a high level account assessment

4
00:00:05,800 --> 00:00:08,160
from AWS to analyze your accounts

5
00:00:08,160 --> 00:00:09,630
and provide recommendations.

6
00:00:09,630 --> 00:00:12,170
So for this, we can use the Trusted Advisor.

7
00:00:12,170 --> 00:00:13,814
It will analyze five categories

8
00:00:13,814 --> 00:00:16,610
of problems on your accounts.

9
00:00:16,610 --> 00:00:18,600
It could be around cost optimization,

10
00:00:18,600 --> 00:00:22,760
performance, security, fault tolerance and service limits.

11
00:00:22,760 --> 00:00:24,800
Now Trusted Advisor has two tiers.

12
00:00:24,800 --> 00:00:26,540
The first tier gives you the core checks

13
00:00:26,540 --> 00:00:28,720
and recommendations for all customers.

14
00:00:28,720 --> 00:00:30,440
That are the basic checks

15
00:00:30,440 --> 00:00:32,060
that will give you some information

16
00:00:32,060 --> 00:00:34,320
about what you can do to improve your accounts.

17
00:00:34,320 --> 00:00:36,922
You can also get weekly email notification from the console

18
00:00:36,922 --> 00:00:38,720
directly from Trusted Advisor,

19
00:00:38,720 --> 00:00:41,220
to make sure that you are on track every single week.

20
00:00:41,220 --> 00:00:44,220
But then to get the full power of Trusted Advisor,

21
00:00:44,220 --> 00:00:46,530
you need to have a support plan

22
00:00:46,530 --> 00:00:48,640
of business or enterprise.

23
00:00:48,640 --> 00:00:50,700
We will see the support plans in detail

24
00:00:50,700 --> 00:00:51,860
in the next lecture

25
00:00:51,860 --> 00:00:54,040
but from an exam perspective, remember that

26
00:00:54,040 --> 00:00:57,350
with business or support plans, you will get access

27
00:00:57,350 --> 00:01:00,460
to the full Trusted Advisor capability or beforehand

28
00:01:00,460 --> 00:01:03,130
you will only get the core checks.

29
00:01:03,130 --> 00:01:05,880
So with the full capability,

30
00:01:05,880 --> 00:01:07,530
we can set CloudWatch alarms

31
00:01:07,530 --> 00:01:09,640
when reaching service limits for example

32
00:01:09,640 --> 00:01:12,560
and more importantly, we can get programmatic access

33
00:01:12,560 --> 00:01:16,210
to Trusted Advisor using the AWS Support API.

34
00:01:16,210 --> 00:01:18,700
So again yet another thing to remember for the exam,

35
00:01:18,700 --> 00:01:22,670
if you don't use business and enterprise support plans,

36
00:01:22,670 --> 00:01:27,260
then you do not have programmatic access to Trusted Advisor.

37
00:01:27,260 --> 00:01:29,600
Now what are the checks done by Trusted Advisor

38
00:01:29,600 --> 00:01:31,070
or some important ones?

39
00:01:31,070 --> 00:01:32,610
Well for cost optimization,

40
00:01:32,610 --> 00:01:35,020
it will show you the EC2 instances

41
00:01:35,020 --> 00:01:36,630
that are underutilized.

42
00:01:36,630 --> 00:01:39,600
The load balancers that are idle, so not doing anything

43
00:01:39,600 --> 00:01:42,640
or the EBS volumes that are again underutilized.

44
00:01:42,640 --> 00:01:44,610
It will show you the reserved instances

45
00:01:44,610 --> 00:01:47,090
and savings plans optimization.

46
00:01:47,090 --> 00:01:49,718
Now for performance, you will get some information around

47
00:01:49,718 --> 00:01:52,780
the EC2 instances that have a very high utilization,

48
00:01:52,780 --> 00:01:54,930
maybe because they are already utilized

49
00:01:54,930 --> 00:01:57,850
as well as the CloudFront CDN optimizations.

50
00:01:57,850 --> 00:01:59,290
It will show you the performance

51
00:01:59,290 --> 00:02:00,820
and optimization you can get

52
00:02:00,820 --> 00:02:03,920
by linking EC2 to EBS, as well as

53
00:02:03,920 --> 00:02:07,070
alias records recommendation on your DNS.

54
00:02:07,070 --> 00:02:09,520
For security, you will get some information

55
00:02:09,520 --> 00:02:13,080
on whether or not MFA is enabled on the root account.

56
00:02:13,080 --> 00:02:15,100
If your IAM keys have been rotated recently,

57
00:02:15,100 --> 00:02:17,960
as well as the exposed IAM access keys.

58
00:02:17,960 --> 00:02:20,570
You get for example, if one of your employees

59
00:02:20,570 --> 00:02:22,740
somehow happens to lose their access keys,

60
00:02:22,740 --> 00:02:23,840
they're on the internet.

61
00:02:23,840 --> 00:02:25,496
Then there will be what's called exposed

62
00:02:25,496 --> 00:02:27,650
and Trusted Advisor will let you know about it

63
00:02:27,650 --> 00:02:31,700
because you definitely want to shut down these access keys.

64
00:02:31,700 --> 00:02:34,030
They will also show you security issues

65
00:02:34,030 --> 00:02:35,730
around S3 bucket permissions.

66
00:02:35,730 --> 00:02:38,200
For example, if a bucket has public access,

67
00:02:38,200 --> 00:02:39,500
or if your security groups

68
00:02:39,500 --> 00:02:43,320
have unrestricted ports especially on SSH.

69
00:02:43,320 --> 00:02:46,330
For fault tolerance, you will get some information around

70
00:02:46,330 --> 00:02:49,630
the EBS snapshots age, the balance between

71
00:02:49,630 --> 00:02:52,150
the different AZ as well as whether or not

72
00:02:52,150 --> 00:02:54,550
your auto scaling groups, your RDS

73
00:02:54,550 --> 00:02:57,710
and your ELB are both Multi-AZ.

74
00:02:57,710 --> 00:02:59,660
Now for service limits, you will get information

75
00:02:59,660 --> 00:03:01,553
whether or not you are reaching the service limit

76
00:03:01,553 --> 00:03:04,260
for a specific service and therefore

77
00:03:04,260 --> 00:03:05,472
increase that service limit

78
00:03:05,472 --> 00:03:08,100
before you actually reach it.

79
00:03:08,100 --> 00:03:10,060
So let's go into Trusted Advisor

80
00:03:10,060 --> 00:03:11,540
from the management console.

81
00:03:11,540 --> 00:03:14,500
And we can see that we have the five categories right here.

82
00:03:14,500 --> 00:03:18,070
And because I don't have an enterprise or a business plan,

83
00:03:18,070 --> 00:03:21,100
I will only have access to what's called the core checks.

84
00:03:21,100 --> 00:03:24,060
So for example, if we go to cost optimization,

85
00:03:24,060 --> 00:03:26,930
we can see that I don't have access to any of those,

86
00:03:26,930 --> 00:03:28,930
because none of that is under the core checks

87
00:03:28,930 --> 00:03:30,462
for this I need to upgrade

88
00:03:30,462 --> 00:03:34,650
to a support plan that's going to be business or enterprise.

89
00:03:34,650 --> 00:03:36,790
If I go to performance, yet again I need to upgrade

90
00:03:36,790 --> 00:03:37,890
so it's not very good.

91
00:03:37,890 --> 00:03:40,100
For security, I get access to the core checks.

92
00:03:40,100 --> 00:03:43,060
So it will look at the public snapshots of EBS,

93
00:03:43,060 --> 00:03:45,030
the public snapshots of RDS

94
00:03:45,030 --> 00:03:47,080
the bucket permissions of my S3 buckets.

95
00:03:47,080 --> 00:03:48,740
And it will tell me what's going on.

96
00:03:48,740 --> 00:03:52,330
The IAM use, the MFA on root accounts and so on.

97
00:03:52,330 --> 00:03:55,060
And you can get some information directly as well

98
00:03:55,060 --> 00:03:56,960
from the dashboard.

99
00:03:56,960 --> 00:03:59,040
For fault tolerance, this is something you have to get

100
00:03:59,040 --> 00:04:01,240
by upgrading and service limits.

101
00:04:01,240 --> 00:04:04,260
You can get some information for auto scaling groups

102
00:04:04,260 --> 00:04:07,760
for launch configurations and so on, okay.

103
00:04:07,760 --> 00:04:10,739
So to summarize Trusted Advisor is a very helpful service

104
00:04:10,739 --> 00:04:14,300
when you have an enterprise or a business plan.

105
00:04:14,300 --> 00:04:16,290
Because you will get access to all of those,

106
00:04:16,290 --> 00:04:18,810
these core checks and alarms on top of it.

107
00:04:18,810 --> 00:04:20,410
If you wanted to trigger a refresh,

108
00:04:20,410 --> 00:04:22,180
you could click on this button right here,

109
00:04:22,180 --> 00:04:23,480
which will trigger a refresh

110
00:04:23,480 --> 00:04:26,120
of all the Trusted Advisor recommendations.

111
00:04:26,120 --> 00:04:27,720
And if you go to preferences,

112
00:04:27,720 --> 00:04:30,089
you can get, for example a weekly email notification

113
00:04:30,089 --> 00:04:32,060
for your billing, your operations

114
00:04:32,060 --> 00:04:35,410
and your security by setting an email address right here.

115
00:04:35,410 --> 00:04:36,610
So that's it, you just know

116
00:04:36,610 --> 00:04:37,760
Trusted Advisor at a high level

117
00:04:37,760 --> 00:04:39,120
which is enough for the exam.

118
00:04:39,120 --> 00:04:40,120
I hope you like this,

119
00:04:40,120 --> 00:04:42,070
and I will see you in the next lecture.